From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 26 Dec 1995 02:28:37 +0800
To: grafolog@netcom.com (Jonathan Blake)
Subject: Re: Only accepting e-mail from known parties
In-Reply-To: <Pine.SUN.3.91.951225091910.27577B-100000@netcom23>
Message-ID: <199512251804.NAA01482@homeport.org>
MIME-Version: 1.0
Content-Type: text


Jonathan Blake wrote:

| > also need to make sure that there is ONLY PGP-signed content in the
| > mail.  Otherwise Mallet could grab an innocuous mail message that
[...]
| > I'm sure there's other caveats, these are just the ones I can think of now.
| 
| 	Let's figure out some more threat models.  And how to counter
| 	them.  
| 
| 	Man in the middle --- he has your public key, joe@none.net's
| 	public key, and access to both your pbulic ring, and 
| 	joe@none.net public ring.   I don't know know how to counter
| 	this one using filters with perl --- yet.

	The real threat model that Dimitri seems to be worried about
is spammers, so lets address them.

There are two types of spammers, commercial and personal.

	The commercial spammer wants to get messages into hundreds or
thousands of mail boxes.  The effort to do this, per mailbox, needs to
be very low, or they go for people with worse filters.

	The personal spammer is more difficult, since they seek
specifically to annoy you, and can thus be expected to expend more
effort.  They can possibly get a copy of each signed message that
comes to you, but of course, you can cache filter them.  A problem
occurs if they can get their spam to you before the legit message, in
which case you need to wade through tripe to get to the real message.

	The personal spammer is a social problem, and I recommend
using social methods to fix it.  An auto-responder that says "Please
grow up" might do the trick.




-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume